14 DAY TRIAL // The latest patched version of Flash Player is vulnerable to a type of attack known as remote binary planting or DLL preloading.
According to information disclosed by an outfit called the YGN Ethical Hacker Group, attackers can force Flash Player to execute arbitrary code by placing a rogue file named dwmapi.dll on the Desktop.
Apparently the plug-in attempts to load dwmapi.dll (Microsoft Desktop Window Manager API) each time Flash content is accessed inside the browser.
However, instead of specifying a full path to the library, the application searches for it in several locations, including the Desktop folder, according to a predefined order.
The issue can be exploited on Windows XP, because dwmapi.dll is only present only in post-Windows Vista systems, but additional methods must be employed in order to plant the rogue file on the Desktop.
The YGN Ethical Hacker Group claims to have tested the vulnerability on a fully patched Windows XP Service Pack 3 with Flash Player 10.1.82.76.
According to them, Adobe was notified about the problem on September 3rd, but no patch has yet been announced.
This type of vulnerability is the result of insecure programming practices and so far it has been confirmed to affect over 200 hundred applications, including many popular ones.
During the past week alone similar weaknesses were patched in iTunes, Firefox, Thunderbird, Safari and Opera.
Microsoft is aware of the issue and has released guidelines for developers to help them prevent this class of vulnerabilities.
"In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications," the company noted in a security advisory posted last month.